Integrating ESG into Enterprise Risk Management for Compliance

  • By Johan Nystedt
  • Published: 3/10/2023

Integrating ESG into an organization’s enterprise risk management (ERM) program is emerging as a key theme, as organizations seek to avoid the pitfalls of more siloed approaches to ESG. Not only is such integration considered a best practice, but regulators are also increasingly requiring companies to disclose how they integrate climate risks and opportunities into their governance and corporate strategy.

The aim of this article is to illustrate that this task does not have to be difficult, and in fact, can enable better overall enterprise risk management at your firm.

Guidance is arriving “just in time”

The good news is that we are seeing the emergence of go-to frameworks, such as the Task Force on Climate-Related Financial Disclosures (TCFD). They provide needed guidance on how to support compliance with many regulatory requirements.

In addition, as regulations require more integrated approaches, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has provided some relevant guidance on how to integrate ESG into ERM in order to leverage proven ERM processes supporting elevated ESG disclosure requirements.

Given the availability of such new guidance, now is an excellent time to start preparing for what is to come. As we will discuss later, deadlines could come quickly. Note that outside the U.S., many jurisdictions are already requiring substantial mandatory disclosures — so it is encouraging to know that this can be done!

Understandably, proposed requirements (such as those by the SEC) may seem daunting for many organizations. On top of having to disclose detailed ESG data, companies are also asked to describe any processes they have for identifying, assessing, and managing climate-related risks and opportunities. Additionally, companies need to disclose processes on how they determine the relative significance of climate-related risks compared to other risks and describe their process for how to decide whether to mitigate, accept or adapt to a particular risk, among other things. This is why it is a relief to many companies that ERM provides proven processes to tackle many of these requirements.

Timing considerations

Compliance deadlines could be near. Under the proposal by the SEC, starting as early as next year, many companies publicly listed in the United States would have to disclose detailed information about their vulnerabilities and contributions to climate change. This would be provided in a “Climate-Related Disclosure” section in certain securities filings. Under the SEC’s vision, within four years of the rule’s effectiveness, all companies publicly traded in the U.S. would be required to report and obtain third-party assurance on their own direct greenhouse gas (GHG) emissions (Scope 1), and the GHG emissions associated with their purchase of electricity (Scope 2). Moreover, most would also ultimately be required to report their indirect GHG emissions associated with their suppliers and customers (Scope 3). Rating agencies, investors, litigators and proxy firms are also increasingly becoming more interested in understanding companies’ plans and abilities to adhere to ESG regulations.

How ERM can help with compliance

Many companies feel that timely compliance is a challenge. Among polled public company executives (Deloitte 3/2022), over 80% stated they will need additional resources to comply with ESG. Almost 60% indicated that data availability and quality represented the most significant challenges for ESG compliance. Yet only 21% had an ESG council or working group, although over 50% were working to establish one.

ESG must go beyond being just a legally managed responsibility. It needs to rely on expertise from within the whole company in a coordinated fashion. The good news is that this is exactly what ERM was designed to do as it pertains to managing top risks, including ESG-related risks.

ERM provides an integrated and controlled process that leverages relevant organization-wide expertise. Regulatory requirements are simply becoming too wide-ranging to be the responsibility of one ESG lead (often the head of legal). It is time that the entire expertise of the organization is mobilized to deal with new regulatory requirements, especially as disclosures are becoming mandatory versus voluntary, triggering enhanced scrutiny by litigators and investors alike.

What we need is largely what we already have

The positive surprise for many companies is that, while the evolving requirements seem daunting, it turns out that a lot of needed information and know-how often already exists somewhere in the organization.

When ESG disclosure is the responsibility of a single person, or a small team (often in the legal department), the organization's collective know-how is typically not fully leveraged. The collective know-how can be better utilized by applying proven ERM processes to gain fuller insight and avoid omissions. This is especially valuable for firms with an ERM process in place, as they can leverage existing activities.

For organizations that have not yet embraced ERM, now is an excellent time to consider doing so — not only to deal with ESG requirements but also to take advantage of the strategic value-add that modern ERM unlocks.

Next steps

Now is an opportune time to prepare for ESG-related regulatory requirements. The first step to success is to inventory existing ERM activities and determine how they can be leveraged for ESG integration. The second step is to discover enterprise-wide knowledge and to onboard key in-house subject matter experts and decision-makers to the cause. This effort tends to have an added benefit: By engaging a broader set of talent, corporate-wide buy-in tends to improve. Engagement soars when people feel that they are providing important know-how as business partners in delivering the company's legal obligations and strategic vision.

About the Writer

Johan Nystedt, President and Founder of Nystedt Enterprise Solutions LLC: Having managed risk for many companies including Conagra Brands (as the Chief Risk Officer), Levi Strauss, RR Donnelley and Kraft Foods, Johan took the next step in spreading his passion for ERM and ESG by founding Nystedt Enterprise Solutions LLC. Johan is a frequent presenter and moderator at global conferences, and highlighted the importance of ESG to investors as early as 2015. Find out more at

Copyright © 2024 Association for Financial Professionals, Inc.
All rights reserved.